CVE-2025-48862

Summary

Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted.

Affected Software

VendorProductVersion RangeStatus
Bosch Rexroth AGctrlX OS - Setup1.20.0 <= 1.20.1affected
Bosch Rexroth AGctrlX OS - Setup2.6.0 <= 2.6.1affected
Bosch Rexroth AGctrlX OS - Setup3.6.0 <= 3.6.2affected

Weaknesses

  • CWE-1104: CWE-1104 Use of Unmaintained Third Party Components
  • CWE-311: CWE-311 Missing Encryption of Sensitive Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References